Career change- Trying to move to IT security

I have less than 2 years help desk experience. bachelors in Computer Engineering Technology, just got my Security + and next week i start a class for CCNA/CCNA Security. I'm really trying to move to IT Security but I am having a hard time finding entry level roles with no experience. I'm wondering of i should just apply for help desk roles at a technology based or cyber security based company and try to move up or keep looking for Jr level security positions. I just had an interview for a Jr. level position and bombed it because i couldnt answer any of the technical questions (many of the questions were basic computing that i forgot since ive been out of work for almost a year. some were security principles) I moved from Texas to California and i was making $47,000 in Texas working help desk. I talked to a recruiter about a help desk position for $17-19. i declined because it was almost $10,000 less than my old salary. i thought $40-50,000 for help desk was average. i dont think i can go back to help desk making lower than i used to especially with such high cost of living
here are my questions:

1. Do you have any advice for breaking into the IT Security field with no experience?
2. Would it be easier to take a Help Desk role and just move up within a company after a year or 2? would it take longer?
3. Is $40,000 -50,000 a reasonable salary range for Help Desk/Tech Support in California?
4. How can i practice my skills in case i get another interview? (basic networking, troubleshooting, security, systems)

Find more posts tagged with

Comments

636-555-3226

Security isn't an entry-level job. Start somewhere and then work towards it. If you get in somewhere that has an infosec department then try to do your normal work and volunteer to help infosec as much as time permits. be a security advocate in whatever your dept is, etc.

wrfortiscue

I'm in the exact same boat. Try to soak up exp at your company, that's what I'm trying to do. Also looking outside for any opportunities.

tedjames

If you're unemployed, a $10k pay cut is still a raise. After a long bout with unemployment in 2001 (when benefits/savings ran out), I found a job paying $11k less than my last real job. It was a step back, but I used it to get out of debt and eventually pivoted off of that job into something better.

It's very hard to get into security with no experience. Most people I've known transition into it from some facet of IT, mostly networking. My advice is to get back into help desk and then learn as much as you can about networking and security, making contacts in the security world (conferences, Tech Exams, LinkedIn, other discussion groups). Having Security+ is a good start. CCNA is a good addition. Keep pushing your security training. You can get some great FREE training on Cybrary and some great inexpensive training on Udemy.

A friend of mine started one of his first IT jobs at a company back in 2004. He had an interest in security and noticed that they didn't have a security program. He talked to his boss about it, and his boss allowed him to put one hour a week into researching and developing a security program. Eventually, it because 2-3 hours and then more per week while still maintaining his normal IT duties. Five years later, they made him their CISO. Moral of the story: Look for opportunities and then sieze them.

Computer Engineering Technology degree? Seems like that would lead to something bigger than help desk. What else can you do with that degree?

Danielm7

I just had an interview for a Jr. level position and bombed it because i couldnt answer any of the technical questions (many of the questions were basic computing that i forgot since ive been out of work for almost a year. some were security principles)

Take a long look at that. You did get an interview and didn't know any of the answers, not to be a jerk here, but why would/should they hire you if you didn't even remember basic computing stuff? Do you have good reasons for being out of work for a year, did you finish school in that time? Might be a red flag to a lot of people, maybe there are better ways to phrase what happened?

Also, agree with the others, it's possible, but difficult to break into security, I had to do it too.

markulous

I'm doing the same thing so I took on this role as a systems/network admin (although I get to do audits, CIS hardening, compliance, etc). If you've got good experience with all things IT and have a good understanding of proper configurations and best practices, I think people are more likely to take a change on you if you've got a good base knowledge.

shortiebs

I only took time off work because i had a baby. I dont HAVE to work and we could still be financially secure. My issue is i don't want to take a job that isnt worth my time. I would rather wait for a good salary or a company with a big tech/security department versus taking the easiest route . I was just wondering if i was being unreasonable expecting $40.000-50.000. I thought the marker in California was higher than Texas.

wrfortiscue

Well I'm a graduate from WGU with IT security, work in Texas in helpdesk for 4 years AND just got a raise, make 42k lol.

shortiebs

No you arent a jerk. I moved to California from Texas and had a baby. so i have been out of work. I can study and brush up on the skills. but i didnt realize i had forgotten so much stuff. changing diapers doesnt exactly utilize your technical expertise. i just started applying for jobs again last month since im ready to go back now.

Sweece

636-555-3226 wrote: »

Security isn't an entry-level job. Start somewhere and then work towards it. If you get in somewhere that has an infosec department then try to do your normal work and volunteer to help infosec as much as time permits. be a security advocate in whatever your dept is, etc.

Couldn't agree more with this. Security isn't Entry Level. My suggestion is just get a job back in IT and MAKE CONNECTIONS! It's all about who you know. If someone from your Security department knows you're interested in security, then maybe they have a job for you.

shortiebs wrote: »

I only took time off work because i had a baby. I dont HAVE to work and we could still be financially secure. My issue is i don't want to take a job that isnt worth my time. I would rather wait for a good salary or a company with a big tech/security department versus taking the easiest route . I was just wondering if i was being unreasonable expecting $40.000-50.000. I thought the marker in California was higher than Texas.

"That isn't worth my time"

I don't think this way of salary-driven thinking is good man. Do what you love, and the money is just a bonus, especially if you "don't have to work." It sounds to me like you're stuck in the Help Desk loop. Applying for security jobs and only showing them Help Desk resumes is extremely difficult, which again I can't stress enough how important connections are. Get back in IT Help Desk and make connections with people you want to be working with.

Danielm7

For salaries your best bet is to look at the local job listings, glassdoor, salary.com, etc. California is typically higher than most areas but it still depends on the company and your experience. If you're in the bay area you might get a lot more for helpdesk but it still would barely be enough to survive.

Danielm7

Sweece wrote: »

Couldn't agree more with this. Security isn't Entry Level. My suggestion is just get a job back in IT and MAKE CONNECTIONS! It's all about who you know. If someone from your Security department knows you're interested in security, then maybe they have a job for you.

Very much agree with this. Getting the right job is typically who you know, you have to know your stuff, but, the personal connection makes all the difference.

volfkhat

shortiebs wrote: »

I just had an interview for a Jr. level position and bombed it because i couldnt answer any of the technical questions (many of the questions were basic computing that i forgot since ive been out of work

Well that's Part of the problem.
With resources like Professor Messor, Cybrary, Microsoft Virtual Academy, and scores of random youtube channels,
there's Not much excuse for forgetting the basics.

In fact,
i've quit my job the past two Summers; and i do LOTS of Training/Studying during my time off.
and i'm only talking about 60-90 minutes per day (a nice easy pace).

Look at your schedule, Figure out when you can have Quiet Time, and Commit to it.
If you want to break into a new field... then Get to studying :]

California is a Big Place (just like Texas); maybe you need to consider the City/metro you are in for a better expectation of salary. But, since you claim that you dont really HAVE to work... then you need to focus on QUALITY of work (rather than salary).

I don't know anything about how to break into Security... but here's my (questionable) theory:
If you wan to get into Security... then maybe become an Specialist/Expert in something else first; then use that to Help Pivot into Security.

I know a person who was a Database Administrator (5-7 years of decent experience); she got fired from my job. End result: she lucked into position working as a Security Analyst.

Me, i started at a helpdesk answering phones & creating tickets. then i got the opportunity to ALSO learn about desktops. Then, i got the opportunity to also watch/shadow Server admins and learn more.
5-10 years later, my resume shows LOTS of Server admin exp. Throw in a few relevant certs, and now it "appears" that i know what i'm doing.

End result: You and I both have the same amount of "Security" experience on our Resume (ZERO). But i think i have a better shot of landing an entry position (if i leverage my prior exp properly).

So.. what can you become an expert in? (Maybe consider the desktop technician path?)

But then again;
I also know another coworker who worked at a helpdesk. He was just a level 1 phone-jockey. No college degree, and No certifications. But he DID have a desire to Learn more. After 2-3 years, he quit his job, and Took the SAME role at another place. But within 12 months, he got the opportunity to stay late, and shadow the network team on deployments. Next thing you know, he gets an opportunity to move into TELECOM (assuming he earns his Network+ certification). Well, 3 years later, he Now knows more about Networks than i do. (and Networking is what i want to do!)

So whats my point?
Hell if i know.

Maybe you just need to be LUCKY.
(but you Definitely need to start studying)

DatabaseHead

Hopefully you don't walk into one of those policy positions.... Those sound aweful!

LionelTeo

Interest. Good security professionals spend a lot of the off time doing security stuff they are interested in. From reversing malwares, to analyzing stuff, pcaps, writing scripts, pentesting random box and attempting challenges; or at least find an area of interest and pick up a book in that area and start studying. A person whose looking for work in Security will simply be someone who does his BAU work from 8 to 5. A person with interest in security will made an impact with his continuous discovery.

This guy got into it eventually
http://www.techexams.net/forums/sans-institute-giac-certifications/108806-passed-gcih-yesterday-80-score.html

I had him in contacts on linkedin